Digital Security: Password Strategy

Sep 12, 2014

We increasingly rely on passwords even as that security model becomes more vulnerable to sophisticated attacks, and social engineering and human error remain serious threats.

The solution? Use a sound password strategy and a password manager application to minimize the risk while staying sane.

The most important thing? Don’t get discouraged, and don’t let the perfect be the enemy of the good. Implementing a perfect password strategy is a daunting prospect, but a better password strategy will make you safer than you are now.

Also - don't ever make your most important passwords (like the ones you use for online banking) public knowledge. In the real world I have found this to be far more important than using truly random, very long passwords that are designed to defeat a brute force attack.

The problem is that people tend to use the same passwords over and over again for different sites and purposes. The same one that they use to secure their home wifi network, and happily share with anyone that asks for it, is also the only thing protecting their bank account!

General Password Guidelines

don’t reuse the same password on different sites

use a password manager app to create and securely store strong, truly random passwords and sync them across all your devices

make sure someone you truly trust has access, just like you would with your bank accounts

use two-factor authentication when possible

security questions are the Achilles heel. Don’t give real answers, which can easily be figured out in the era of social media; instead, use fake answers stored in your password manager
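One way to check the first guideline, and the wifi/bank reuse problem described earlier, is to audit a password manager export for reused passwords. This is an added example, not code from the original post or from any password manager; the CSV column names (title, password, shared) and the sample entries are constructed assumptions.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export (hypothetical columns: title, password, shared).
# "shared" marks credentials you hand out to other people, like home wifi.
SAMPLE_EXPORT = """title,password,shared
Home wifi,sunflower42,yes
Online banking,sunflower42,no
Webmail,sunflower42,no
Forum,T9#vq!Lm2zR8w,no
Streaming,kD7$pX1n&Yc4,no
"""

def find_reuse(export_text):
    """Return reuse groups: lists of entry titles that share one password.

    Each group is (titles, exposed); exposed is True when at least one
    entry in the group is marked as shared with other people.
    """
    key = secrets.token_bytes(32)  # per-run key; digests are useless afterwards
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        # Group by keyed digest so plaintext passwords are not kept as dict keys.
        digest = hmac.new(key, row["password"].encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append((row["title"], row["shared"].strip().lower() == "yes"))
    report = []
    for entries in groups.values():
        if len(entries) > 1:
            titles = sorted(title for title, _ in entries)
            exposed = any(shared for _, shared in entries)
            report.append((titles, exposed))
    # Exposed groups first: those passwords are already known to other people.
    return sorted(report, key=lambda g: (not g[1], g[0]))

if __name__ == "__main__":
    for titles, exposed in find_reuse(SAMPLE_EXPORT):
        note = "SHARED WITH OTHERS" if exposed else "reused"
        print(f"{note}: {', '.join(titles)}")
```

A real export holds plaintext passwords, so run a check like this locally and delete the export file afterwards.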

Managing Passwords

A secure password strategy depends on many unique and complex passwords. How do you keep track of them across multiple devices? Use password management software to create strong and truly random passwords and sync them across multiple devices.

Suggestion

1Password https://agilebits.com/onepassword

Supported Platforms: Android, iOS, Mac OS X, Windows

Cost: $50

1Password creates and saves strong, unique passwords for every site, app, and service you use and syncs across all your devices automatically, ready to be automatically filled when needed. It's a simple way to protect yourself from password reuse, data breaches, and password memory loss.

You can also create additional vaults and share them securely with your family or team members, and automatic syncing keeps everyone up-to-date. For example, you might share business logins with your co-workers, personal information with your spouse, etc.